
PHOENIX CONTACT: Multiple Vulnerabilities in FL SWITCH 3xxx, 4xxx and 48xx

VDE-2019-001
Last update
05/14/2025 15:00
Published at
01/23/2019 13:02
Vendor(s)
Phoenix Contact GmbH & Co. KG
External ID
VDE-2019-001
CSAF Document

Summary

Multiple vulnerabilities have been identified in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx and 48xx firmware versions 1.0 to 1.34.

Impact

[TODO]

Affected Product(s)

Model no. Product name Affected versions
2891033 FL SWITCH 3004T-FX Firmware <=1.34
2891034 FL SWITCH 3004T-FX ST Firmware <=1.34
2891030 FL SWITCH 3005 Firmware <=1.34
2891032 FL SWITCH 3005T Firmware <=1.34
2891036 FL SWITCH 3006T-2FX Firmware <=1.34
2891060 FL SWITCH 3006T-2FX SM Firmware <=1.34
2891037 FL SWITCH 3006T-2FX ST Firmware <=1.34
2891031 FL SWITCH 3008 Firmware <=1.34
2891035 FL SWITCH 3008T Firmware <=1.34
2891120 FL SWITCH 3012E-2FX Firmware <=1.34
2891119 FL SWITCH 3012E-2FX SM Firmware <=1.34
2891067 FL SWITCH 3012E-2SFX Firmware <=1.34
2891058 FL SWITCH 3016 Firmware <=1.34
2891066 FL SWITCH 3016E Firmware <=1.34
2891059 FL SWITCH 3016T Firmware <=1.34
1026924 FL SWITCH 4000T-4POE-1SFP Firmware <=1.34
1026923 FL SWITCH 4000T-8POE-2SFP Firmware <=1.34
1026922 FL SWITCH 4004T-8POE-4SFP Firmware <=1.34
2891160 FL SWITCH 4008T-2GT-3FX SM Firmware <=1.34
2891061 FL SWITCH 4008T-2GT-4FX SM Firmware <=1.34
2891062 FL SWITCH 4008T-2SFP Firmware <=1.34
2891063 FL SWITCH 4012T-2GT-2FX Firmware <=1.34
2891161 FL SWITCH 4012T-2GT-2FX ST Firmware <=1.34
2891104 FL SWITCH 4800E-24FX SM-4GC Firmware <=1.34
2891102 FL SWITCH 4800E-24FX-4GC Firmware <=1.34
2891073 FL SWITCH 4808E-16FX LC-4GC Firmware <=1.34
2891074 FL SWITCH 4808E-16FX SM LC-4GC Firmware <=1.34
2891086 FL SWITCH 4808E-16FX SM ST-4GC Firmware <=1.34
2891080 FL SWITCH 4808E-16FX SM-4GC Firmware <=1.34
2891085 FL SWITCH 4808E-16FX ST-4GC Firmware <=1.34
2891079 FL SWITCH 4808E-16FX-4GC Firmware <=1.34
2891072 FL SWITCH 4824E-4GC Firmware <=1.34

Vulnerabilities


Published
09/22/2025 14:57
Weakness
Missing Encryption of Sensitive Data (CWE-311)
Summary

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.

References

Published
09/22/2025 14:57
Weakness
Improper Authentication (CWE-287)
Summary

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks because it does not restrict excessive authentication attempts (CWE-307).
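The control whose absence this entry describes is a limit on repeated failed logins. The following C example, added here and not taken from the FL SWITCH firmware, the advisory or any Phoenix Contact code, shows one common shape of that control: a fixed-size table of per-client failure counters with a lockout window. The threshold (5 failures), the window (300 seconds), the table size and the sample client address 192.0.2.10 are constructed values for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Policy values are constructed for this example; they are not settings
 * from the FL SWITCH firmware or the advisory. */
#define MAX_FAILED_ATTEMPTS 5      /* consecutive failures before lockout */
#define LOCKOUT_SECONDS     300    /* how long a locked client must wait */
#define MAX_TRACKED_CLIENTS 64     /* fixed table: no heap, no unbounded growth */

struct client_state {
    char     id[46];        /* client identifier, e.g. source IP as text */
    unsigned failures;      /* consecutive failed attempts */
    uint64_t locked_until;  /* epoch seconds until attempts are accepted again; 0 = open */
    bool     in_use;
};

static struct client_state clients[MAX_TRACKED_CLIENTS];

/* Find the entry for a client, creating it in a free slot if needed.
 * Returns NULL when the table is full; callers treat that as "refuse". */
static struct client_state *client_lookup(const char *id)
{
    struct client_state *free_slot = NULL;
    for (size_t i = 0; i < MAX_TRACKED_CLIENTS; i++) {
        if (clients[i].in_use) {
            if (strncmp(clients[i].id, id, sizeof clients[i].id) == 0)
                return &clients[i];
        } else if (free_slot == NULL) {
            free_slot = &clients[i];
        }
    }
    if (free_slot == NULL)
        return NULL;
    memset(free_slot, 0, sizeof *free_slot);          /* zeroed, so id stays NUL-terminated */
    strncpy(free_slot->id, id, sizeof free_slot->id - 1);
    free_slot->in_use = true;
    return free_slot;
}

void auth_throttle_reset(void)
{
    memset(clients, 0, sizeof clients);
}

/* Gate to call before a password is even checked: true when the client may
 * attempt to authenticate at time `now`, false while it is locked out. */
bool auth_attempt_allowed(const char *id, uint64_t now)
{
    struct client_state *c = client_lookup(id);
    if (c == NULL)
        return false;                  /* fail closed when tracking is exhausted */
    if (c->locked_until != 0 && now < c->locked_until)
        return false;
    if (c->locked_until != 0) {        /* lockout expired: start counting afresh */
        c->locked_until = 0;
        c->failures = 0;
    }
    return true;
}

/* Record the outcome of an attempt. Returns true if the client is now locked. */
bool auth_record_result(const char *id, bool success, uint64_t now)
{
    struct client_state *c = client_lookup(id);
    if (c == NULL)
        return true;
    if (success) {
        c->failures = 0;
        c->locked_until = 0;
        return false;
    }
    c->failures++;
    if (c->failures >= MAX_FAILED_ATTEMPTS) {
        c->locked_until = now + LOCKOUT_SECONDS;
        return true;
    }
    return false;
}

int main(void)
{
    const char *client = "192.0.2.10";  /* constructed sample source address */
    auth_throttle_reset();
    for (int i = 1; i <= 6; i++) {
        bool allowed = auth_attempt_allowed(client, (uint64_t)i);
        bool locked = allowed ? auth_record_result(client, false, (uint64_t)i) : true;
        printf("attempt %d: allowed=%d locked=%d\n", i, allowed, locked);
    }
    printf("after lockout window: allowed=%d\n",
           auth_attempt_allowed(client, (uint64_t)(6 + LOCKOUT_SECONDS)));
    return 0;
}
```

Keying the counter on the source address alone has two known weaknesses that a device-side implementation should weigh: a single misbehaving host behind NAT can lock out every user sharing that address, and a distributed source can spread attempts across many addresses. Counting per account as well, or applying a growing delay instead of a hard lockout, are the usual refinements; logging each lockout event gives operators something to alert on.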

References

Published
09/22/2025 14:57
Weakness
Cross-Site Request Forgery (CSRF) (CWE-352)
Summary

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.

References

Published
09/22/2025 14:57
Weakness
Uncontrolled Resource Consumption (CWE-400)
Summary

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.

References

Published
09/22/2025 14:57
Weakness
Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)
Summary

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.
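In an RFC 3779 IPAddressFamily extension the addressFamily field is an OCTET STRING holding a 2-byte IANA address family identifier (AFI) and an optional third byte (SAFI). A one-byte overread of the kind described above occurs when a parser reads the second AFI byte without first confirming that the octet string is at least two bytes long. The C example below is added here and is not OpenSSL's source or the advisory's text: it puts that defective pattern next to a length-checked form and a minimal name lookup of the sort a certificate printer uses. The sample encodings are constructed, and `afi_unchecked` exists only to show the shape of the bug (nothing in the block calls it with a short input).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 3779 addressFamily field: a 2-byte IANA AFI followed by an optional
 * 1-byte SAFI, carried as the contents of an ASN.1 OCTET STRING. */
#define IANA_AFI_IPV4 1u
#define IANA_AFI_IPV6 2u
#define SAFI_NONE     (-1)

/* Shape of the defect: the AFI is assembled from data[0] and data[1] while the
 * encoded length is ignored. With a 1-byte (or empty) field the second read
 * runs one byte past the buffer. Shown for contrast only; not OpenSSL's code. */
unsigned afi_unchecked(const uint8_t *data, size_t length)
{
    (void)length;                          /* ignoring the length is the bug */
    return ((unsigned)data[0] << 8) | data[1];
}

/* Hardened form: returns the AFI, or 0 (not a valid IANA AFI) when the
 * encoded field is too short to contain one. */
unsigned afi_checked(const uint8_t *data, size_t length)
{
    if (data == NULL || length < 2)
        return 0;
    return ((unsigned)data[0] << 8) | data[1];
}

/* The optional third byte is the SAFI; report SAFI_NONE when it is absent. */
int safi_checked(const uint8_t *data, size_t length)
{
    if (data == NULL || length < 3)
        return SAFI_NONE;
    return data[2];
}

/* Human-readable name, as a certificate text dump would show it. */
const char *afi_name(unsigned afi)
{
    switch (afi) {
    case IANA_AFI_IPV4: return "IPv4";
    case IANA_AFI_IPV6: return "IPv6";
    case 0:             return "malformed";
    default:            return "unknown";
    }
}

/* Constructed sample encodings (not taken from any real certificate). */
const uint8_t SAMPLE_IPV4[]         = { 0x00, 0x01 };
const uint8_t SAMPLE_IPV6_UNICAST[] = { 0x00, 0x02, 0x01 };
const uint8_t SAMPLE_TRUNCATED[]    = { 0x00 };   /* 1 byte: the case that overreads */

static void show(const char *label, const uint8_t *data, size_t length)
{
    unsigned afi = afi_checked(data, length);
    int safi = safi_checked(data, length);
    printf("%-14s afi=%u (%s) safi=%d\n", label, afi, afi_name(afi), safi);
}

int main(void)
{
    show("ipv4", SAMPLE_IPV4, sizeof SAMPLE_IPV4);
    show("ipv6+safi", SAMPLE_IPV6_UNICAST, sizeof SAMPLE_IPV6_UNICAST);
    show("truncated", SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED);  /* safe: reports malformed */
    return 0;
}
```

The consequence on this page is limited to an incorrect text display, which matches the checked version's behaviour of reporting "malformed" rather than a value built from a byte beyond the buffer; the general lesson for any DER consumer is that every fixed-width field must be validated against the length the encoding actually supplies.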

References

Published
09/22/2025 14:57
Weakness
Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)
Summary

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images.

References

Remediation

Remediation for CWE-319 (CVE-2018-13992)

Customers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.

Remediation for Multiple CWEs:

(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))

Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version 1.35 or higher, which fixes these vulnerabilities.
The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:

Article No. Model Updated Firmware
2891033 FL SWITCH 3004T-FX Download
2891034 FL SWITCH 3004T-FX ST Download
2891030 FL SWITCH 3005 Download
2891032 FL SWITCH 3005T Download
2891036 FL SWITCH 3006T-2FX Download
2891060 FL SWITCH 3006T-2FX SM Download
2891037 FL SWITCH 3006T-2FX ST Download
2891031 FL SWITCH 3008 Download
2891035 FL SWITCH 3008T Download
2891120 FL SWITCH 3012E-2FX Download
2891119 FL SWITCH 3012E-2FX SM Download
2891067 FL SWITCH 3012E-2SFX Download
2891058 FL SWITCH 3016 Download
2891066 FL SWITCH 3016E Download
2891059 FL SWITCH 3016T Download
1026924 FL SWITCH 4000T-4POE-1SFP Download
1026923 FL SWITCH 4000T-8POE-2SFP Download
1026922 FL SWITCH 4004T-8POE-4SFP Download
2891160 FL SWITCH 4008T-2GT-3FX SM Download
2891061 FL SWITCH 4008T-2GT-4FX SM Download
2891062 FL SWITCH 4008T-2SFP Download
2891063 FL SWITCH 4012T-2GT-2FX Download
2891161 FL SWITCH 4012T-2GT-2FX ST Download
2891104 FL SWITCH 4800E-24FX SM-4GC Download
2891102 FL SWITCH 4800E-24FX-4GC Download
2891073 FL SWITCH 4808E-16FX LC-4GC Download
2891074 FL SWITCH 4808E-16FX SM LC-4GC Download
2891086 FL SWITCH 4808E-16FX SM ST-4GC Download

Revision History

Version Date Summary
1 01/23/2019 13:02 Initial revision.
2 05/14/2025 15:00 Fix: added distribution, status to final